I found the following link on SAML 2.0 between SAP and a third-party web server:
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/b1/491705355b4471a2e3551024f91ce0/content.htm
I understand that there are some licensing aspects in downloading the SAP IdP software, but I just want to submit the technical feasibility here:
We are running EP Portal 7.31 SPS4, so I was wondering if we could use the EP Portal both as Identity Provider and Service Provider:
1. The user logs into eSMP (IBM Domino website); from there, the user is redirected to the Identity Provider, namely the SAP Portal, and logs on.
2. The SAP Portal/Identity Provider issues a SAML token and redirects the user back to the service provider eSMP (IBM Domino website); the user can access the Domino website functions as normal.
3. From the eSMP, the user tries to access the SAP Portal (now as a Service Provider).
4. The user is already authenticated at the SAP Portal/Identity Provider, so it would issue another SAML 2 token for itself (or more precisely for the SAP Portal/Service Provider) and the user is redirected to the SAP Portal.
5. From the SAP Portal, the user can access any SAP backend (ECC, BW, SCM) using the "traditional" authentication mechanism, SAP SSO Tickets.
Again, it is highly theoretical; I just wanted to know if anything here would make you scream?
Thanks and Regards